Most modern operating systems used with consumer electronic devices are based on discretionary access security. As consumer electronic devices become more networked, such security is not considered adequate. In addition, these operating systems do not provide a flexible mechanism for enhancing security. One way to encourage adding security is to provide a security framework that encapsulates the building blocks in one well-known region having well-defined inputs and outputs.
A few objectives for such a security framework are as follows: first, to present a common application programming interface for various security components to entities outside of the kernel; second, to ensure that user-level interactions with security components stay consistent even as lower-level components change over time; and third, to establish a well-defined communication path with the security components that reside within the security framework. The present invention presents a security architecture designed to meet these as well as other objectives.